CLAIMS 

What is claimed is: 

1. A method for controlling access to a server device by at least one 
client device that is operatively coupled to the server device through at least one 
interconnecting network, the method comprising: 

causing a user-side portion of a network server logic within the server 
• device to selectively specify at least one network from which the user-side portion 
would accept client device information; and 

causing a kernel-side portion oflthe network server logic to accept the 
client device information only if the client device information has been provided 
via the specified network. 

2. The method as recited in Clairn 1, further comprising: 
if the client device information has not been provided via the specified 

network, causing the kernel-side portion to reject the client device information and 
notify the client device in a manner that identifies the rejection. 

3 The method as recited in Claim 2,\wherein the kernel-side portion 
notifies the client device using at least one message selected from a group of 
messages comprising a TCP reset message and an\ICMP destination unreachable 
message, as applicable. 



4. The method as recited in Claim 1, furtheit comprising: 

providing a communication socket for use by thevkernel-side portion; and 
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causing the kernel-side portion to compare client device information 
received on the communication socket to the specified network. 

5. The method as recited in Claim 1, wherein causing the user-side 
portion to selectively specify at least one network from which the user-side portion 
would accept the client device information, further includes causing the user-side 
portion to selectively specify a plurality of networks from which the user-side 
portion would accept the client devic^e information; and 

wherein causing the kernel-side portion to accept the client device 
information only if the client devile information has been provided via the 
specified network, further includes casing the kernel-side portion to accept the 
client device information only if the cKent device information has been provided 
via at least one of the specified plurality of networks. 



6. The method as recited in Claim 1, wherein causing the user-side 
portion to selectively specify the at least one network from which the user-side 
portion would accept the client device information further includes having the 
user-side portion specify at least one local network interface. 



7. The method as recited in Claim 1, wherein causing the user-side 
portion to selectively specify the at least one network from which the user-side 
portion would accept the client device information further includes having the 
user-side portion specify at least one IP address. 
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8. The method as recited in Claim 1, wherein the network server logic 
is operatively configured to support at least one client-server based process 
selected from a group of procisses comprising a file-sharing communication 
process, a TCP-based communication process, a UDP-based communication 
process, a HTTP-based communication process, a digital media based 
communication process, a DNS-blsed communication process, and a database 
related communication process. 



9. The method as recited \ in Claim 1, wherein the user-side portion 
includes an application-programming \ interface (API) operatively configured to 
allow an application to specify the at least one network from which the user-side 
"portion would accept the client device information. 

10. The method as recited in\Claim 9, wherein the API is further 
operatively configured to allow the application to specify a listing of networks 
from which the user-side portion would accept the client device information. 

11. The method as recited in Claim 10, wherein the API is further 
operatively configured to allow the application tto selectively modify the listing of 
networks from which the user-side portion \vould accept the client device 
information. 

12. The method as recited in Claim 1, Wherein the kernel-side portion 
includes a TCP/IP driver. 



Ue & Hayes, PLLC 



18 



\ 



0913001659 MS1-652US.PAT.APP.DOC 



13. A computer-readable medium having computer-executable 
instructions for performing steps comprising: 

causing a user-side portion of a network server logic within a server device 
to selectively specify at least on^ietwork from which the user-side portion would 
accept client device information; and 

causing a kernel-side portion of the network server logic to accept the 
client device information only if th^ client device information has been provided 
via the specified network. 

14. The computer-readable medium as recited in Claim 13, further 
comprising computer-executable instructions for: 

if the client device information lias not been provided via the specified 
network, causing the kernel-side portion tovreject the client device information and 
notify the client device in a manner that identifies the rejection. 

v 

15 The computer-readable medium \as recited in Claim 14, wherein the 
kernel-side portion notifies the client device iling at least one message selected 
from a group of messages comprising a TCP reset message and an ICMP 
destination unreachable message, as applicable. 

16. The computer-readable medium as rpcited in Claim 13, further 

comprising computer-executable instructions for: 

providing a communication socket for use by thdkernel-side portion; and 
causing the kernel-side portion to compare client device information 

received on the communication socket to the specified network. 
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17. The computer-readable medium as recited in Claim 13, wherein 
causing the user-side portion to selectively specify at least one network from 
which the user-side portion would\accept the client device information, further 
includes causing the user-side portion to selectively specify a plurality of networks 
from which the user-side portion would accept the client device information; and 

wherein causing the kemel-side portion to accept the client device 
information only if the client device information has been provided via the 
specified network, further includes causing the kernel-side portion to accept the 
client device information only if the client device information has been provided 
via at least one of the specified plurality of networks. 



18. The computer-readable medium as recited in Claim 13, wherein 
causing the user-side portion to selectively specify the at least one network from 
which the user-side portion would accept tlib client device information further 
includes having the user-side portion specify at least one local network interface. 



19. The computer-readable medium as\ recited in Claim 13, wherein 
causing the user-side portion to selectively specifyuhe at least one network from 
which the user-side portion would accept the client device information further 
includes having the user-side portion specify at least one IP address. 



20. The computer-readable medium as recited\in Claim 13, wherein the 
network server logic is operatively configured to supportW least one client-server 
based process selected from a group of processes comprising a file-sharing 
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communication process, a TCP-based communication process, a UDP-based 
communication process, alHTTP-based communication process, a digital media 
based communication process, a DNS-based communication process, and a 
database related communication process. 

21. The computer-readable medium as recited in Claim 13, wherein the 
user-side portion includes an application-programming interface (API) operatively 
configured to allow an application to specify the at least one network from which 
the user-side portion would accept tiie client device information. 

22. The computer-readable\ medium as recited in Claim 21, wherein the 
API is further operatively configured to allow the application to specify a listing of 
networks from which the user-side Yportion would accept the client device 
information. \ 

23. The computer-readable medium as recited in Claim 22, wherein the 
API is further operatively configured to allow the application to selectively modify 
the listing of networks from which the user-side portion would accept the client 
device information. \ 

24. The computer-readable medium asVecited in Claim 13, wherein the 
kernel-side portion includes a TCP/IP driver. \ 

25. A method for establishing per-socket Werface listings, the method 
comprising the steps of: \ 
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a) 



b) 



c) 



d) 



issuing, by a us^r-side application, at least one network identifier 
from which the user-side application would accept client device 
information; 



receiving, by a user-side portion of a network server process, the 
at least one networkndentifier; 

issuing, by the us^r-side portion, the at least one network 
identifier; and 

receiving, by a kernelVside portion of a network server process, 
the at least one network\identifier. 




26. An apparatus comprising: 
memory; and 

network server logic, operatively coupled to the memory and configurable 
to support at least one client-server communication session, the network server 
logic having: 

a user-side portion that is configured to selectively specify at least 
one network from which the user-side portion would accept client device 
information, and 

a kernel-side portion that is configured to accept the client device 
information only if the client device information has been provided via the 
specified network. 



27. The apparatus as recited in Claim 26, wherein if the client device 
information has not been provided via the specified network, the kernel-side 
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portion is further configured to reject the client device information and notify the 
client device in a manner that identifies the rejection. 



28 The apparatus as recited in Claim 27, wherein the kernel-side portion 
is configured to notify the client (Lvice using at least one message selected from a 
group of messages comprising a TCP reset message and an ICMP destination 
unreachable message, as applicable^ 




29. The apparatus as recited in Claim 26, further comprising: 

a communication socket for use by the kernel-side portion during the 
communications session, and wherein the kernel-side portion is further configured 
to compare client device information received on the communication socket to the 
specified network. 

30. The apparatus as recited in Qlaim 26, wherein is further configured 
to selectively specify a plurality of networks from which the user-side portion 
would accept the client device information; ar 

wherein the kernel-side portion is further configured to accept the client 
device information only if the client device information has been provided via at 
least one of the specified plurality of networks. 



3 1 . The apparatus as recited in Claim 26,\wherein the user-side portion 
is further configured to specify at least one local network interface. 
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A 



32. The apparatus as recited in Claim 26, wherein the user-side portion 
is further configured to specify \at least one IP address. 



33. The apparatus as recited in Claim 26, wherein the communication 



session is further configured to^ support at least one communication process 
selected from a group of communication processes comprising a file-sharing 
communication process, a TCP-based communication process, a UDP-based 
communication process, a HTTP-based communication process, a digital media 
based communication process, a DNS-based communication process, and a 
database related communication process. 

34. The apparatus as recited \n Claim 26, wherein the user-side portion 
includes: 

an application-programming inteirface (API) operatively configurable to 
allow an application to specify the at leas* one network from which the user-side 
portion would accept the client device information. 



35. The apparatus as recited in Claim 34, wherein the API is further 
operatively configurable to allow the application to specify a listing of networks 
from which the user-side portion would accept tha client device information. 



36. The apparatus as recited in Claim 35, wherein the API is further 
operatively configurable to allow the application to selectively modify the listing 
of networks from which the user-side portion wouHJ accept the client device 
information. 
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37. The apparatus asVecited in Claim 26, wherein the kernel-side portion 
includes a TCP/IP driver. \ 
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